When an object is created, it is assigned an owner. The owner
is normally the user that executed the creation statement. For
most kinds of objects, the initial state is that only the owner
(or a superuser) can do anything with the object. To allow other
users to use it, privileges must be
granted. There are several different kinds of privilege:
SELECT, INSERT,
UPDATE, DELETE,
RULE, REFERENCES, TRIGGER,
CREATE, TEMPORARY, EXECUTE, and
USAGE. For more information on the
different types of privileges supported by PostgreSQL, see the GRANT reference page.

To assign privileges, the GRANT
command is used. So, if joe is an
existing user, and accounts is an
existing table, the privilege to update the table can be granted
with

GRANT UPDATE ON accounts TO joe;

To grant a privilege to a group, use

GRANT SELECT ON accounts TO GROUP staff;

The special name PUBLIC can be used
to grant a privilege to every user on the system. Writing
ALL in place of a specific privilege
specifies that all privileges that apply to the object will be
granted.

To revoke a privilege, use the fittingly named REVOKE command:

REVOKE ALL ON accounts FROM PUBLIC;

The special privileges of an object's owner (i.e., the right
to modify or destroy the object) are always implicit in being the
owner, and cannot be granted or revoked. But the owner can choose
to revoke his own ordinary privileges, for example to make a
table read-only for himself as well as others.

An object can be assigned to a new owner with an ALTER command of the appropriate kind for the
object. Only superusers can do this.